From 57d12aab9e2d1688ae9174d96e1de08dd0e09ea8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 14 Apr 2026 13:45:51 +0000
Subject: [PATCH] Move firewall ports to their respective service modules

Agent-Logs-Url: https://github.com/naturallaw777/staging_alpha/sessions/e4dbc0e0-e273-4e3e-a1ec-059ae9b06a50

Co-authored-by: naturallaw777 <99053422+naturallaw777@users.noreply.github.com>
---
 configuration.nix            | 3 +--
 modules/bitcoinecosystem.nix | 3 +++
 modules/core/sovran-hub.nix  | 2 +-
 modules/synapse.nix          | 3 +++
 4 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 2f2686d..043d778 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -31,8 +31,7 @@
   networking.hostName = "nixos";
   networking.networkmanager.enable = true;
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 8448 3051 ];
-  networking.firewall.allowedUDPPorts = [ 8448 3051 5353 ];
+  networking.firewall.allowedUDPPorts = [ 5353 ];
 
   # ── Avahi (mDNS) ───────────────────────────────────────────
   services.avahi = {
diff --git a/modules/bitcoinecosystem.nix b/modules/bitcoinecosystem.nix
index 76f4166..ac8b8b5 100755
--- a/modules/bitcoinecosystem.nix
+++ b/modules/bitcoinecosystem.nix
@@ -99,6 +99,9 @@ lib.mkIf config.sovran_systemsOS.services.bitcoin {
     '';
   };
 
+  networking.firewall.allowedTCPPorts = [ 3051 ];
+  networking.firewall.allowedUDPPorts = [ 3051 ];
+
    sovran_systemsOS.domainRequirements = [
     { name = "btcpayserver"; label = "BTCPay Server"; example = "pay.yourdomain.com"; }
   ];
diff --git a/modules/core/sovran-hub.nix b/modules/core/sovran-hub.nix
index 908eddc..acb2cd5 100644
--- a/modules/core/sovran-hub.nix
+++ b/modules/core/sovran-hub.nix
@@ -375,7 +375,7 @@ in
 
     environment.systemPackages = [ sovran-hub-web ];
 
-    networking.firewall.allowedTCPPorts = [ 3051 8937 60847 ];
+    networking.firewall.allowedTCPPorts = [ 8937 60847 ];
 
     # ── Auto-launch Hub in browser on login ───────────────────────
     environment.etc."xdg/autostart/sovran-hub-autolaunch.desktop".text = ''
diff --git a/modules/synapse.nix b/modules/synapse.nix
index 2950d78..a2e914e 100755
--- a/modules/synapse.nix
+++ b/modules/synapse.nix
@@ -251,6 +251,9 @@ CREDS
     '';
   };
 
+  networking.firewall.allowedTCPPorts = [ 8448 ];
+  networking.firewall.allowedUDPPorts = [ 8448 ];
+
   sovran_systemsOS.domainRequirements = [
     { name = "matrix"; label = "Matrix Synapse"; example = "matrix.yourdomain.com"; }
   ];